PHP/Rst.CO!tr.bdr

description-logoAnalysis



PHP/Rst.CO!tr.bdr is a generic detection for a backdoor Trojan. Since this is a generic detection, this malware may have varying behaviour.
Below are some of the observed characteristics/behaviours:

  • This malware may be implanted in hijacked websites.

  • Once implanted, this malware may feign a GIF but has embedded PHP that may have some or all of the following capabilties:
    • allow for file uploading
    • allow for command line executions
    • allow for database manipulation
    • reveal user info
    • involve password cracking techniques

  • Below is an illustration of this malware:

    • Figure 1: Malware.



recommended-action-logoRecommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2019-02-04 66.14300 Sig Added
2019-02-01 66.07900 Sig Updated
2018-12-21 65.06800 Sig Added
2018-12-21 65.06700 Sig Updated